Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3520419pxu; Tue, 8 Dec 2020 14:26:45 -0800 (PST) X-Google-Smtp-Source: ABdhPJydEhTI6TmB8MlApUC+qTNk758jbDJWFMVeLO7ge9bTROvc1kU0lCxrwUgka/lUoKkpLJH8 X-Received: by 2002:a17:906:5e0f:: with SMTP id n15mr25115799eju.459.1607466405143; Tue, 08 Dec 2020 14:26:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607466405; cv=none; d=google.com; s=arc-20160816; b=RXAOSxirj/fS7/RbVTFWZlpGw5Rd7MxCihsLUj33trtlH8XMyFuz/H+wZ/fsaN//Hu Pdz/QBaBuDzeJVRt6U8YRpIJKrQmw49TXchv6vg7kTTrczpq8sFPOezM0ZHqz77qsmpZ qnGYPCt4FlIw1yKrjYuGzH2iMGLqVm7VIExMNC2KQFfmcmiN7Fo4Bx8xJpsoARxHi6Vj Xy0Gr9ld9RsIVw7uJF04m+LI9gfQf+DoQDaXPnU3rgO9xvz7kdSpbi+rlFt+YhzqP3r6 BxHA2JSfWV7X91yHAbN1NiKBLygWlIamGEXp0RQb3RTX9aR5DX1tRQ/KMXnN1HrUH/C1 aVSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=7ZNiPYw40sliX0Vf+8f1KPJclmOw/mEiiXP4YtA29os=; b=J11U2/Z3MiCje5TUDJEiEF2YpK9oRPo2/4Pedr6HyjOB0c6EuJyWGVhASX1w5BwIKk Y/AqL/nHcVNsZ6voe4i26HUcmSxGgVcHjNIHe3Y3MFxf3DVN4K9G8Xz81zOqngyWiyFM MdHgCsM1A4WUZ7Q9eyadNn6KiNzFU74kdDf7mMp0zqMaYTVvWnZLClTS8N1Rm57uLky9 A9iwwQEMFKBzQ0M+KPVYU+n4pTi+GcNkHEeO7OreecMQLbF/ULVb5jiNObtyahmF0KCD kJ2hxmZIk29HJ1qgBlhEmUoDbKMPil3wmQnXcpoGS3iIS6qahQ0qJ0jqM89x8Hgd/gB0 3tIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=cv+f7gaz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b22si6470249ejk.400.2020.12.08.14.26.22; Tue, 08 Dec 2020 14:26:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=cv+f7gaz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730893AbgLHWWc (ORCPT + 99 others); Tue, 8 Dec 2020 17:22:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730297AbgLHWWb (ORCPT ); Tue, 8 Dec 2020 17:22:31 -0500 Received: from mail-ed1-x544.google.com (mail-ed1-x544.google.com [IPv6:2a00:1450:4864:20::544]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E1FBC0613D6 for ; Tue, 8 Dec 2020 14:21:51 -0800 (PST) Received: by mail-ed1-x544.google.com with SMTP id v22so19235947edt.9 for ; Tue, 08 Dec 2020 14:21:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7ZNiPYw40sliX0Vf+8f1KPJclmOw/mEiiXP4YtA29os=; b=cv+f7gaz46kk7+ocM3oe/Fbj9/1I2zmrfAcfNRRUhiAcMaOX/RyI5qDVXBNajsq866 T7Bf5XKsHfrdiIEy9Ecm6eex7PG20lRkpAd02JCI9Pu4/ZjtEDHhGnxwT1jUuFoASz0H COk5A/u261XhJNpyB/xgdw6WEnURwZelkDETT7tEynUoriEpoNIE3KfHlXJ4XcIUVX1l nsojHvZjDSetRE8/DhI2ie7yz7F/p2PYGQyt550IL19r9795pYcS1K1gDeeOxs/5jAqg 27sHcZyUz7F+7bF9ta4sTvzsG+BCu1A/K5tQY1kn9pepIt/2BGjNcM/ACgMlq3tDWQAk Gy0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7ZNiPYw40sliX0Vf+8f1KPJclmOw/mEiiXP4YtA29os=; b=AKO7f4ga8BZ8lWB0F9gVt1PuqVP1Z4fnmmFDEjTjAKlzaxSGMcd4kvXIudDe7+lRTB HCHQ7Jk2xoztxF2GzrhR9vHusSkQWexLOPbM6g98GrmfaDwpla9k08CkHKcZf3O5Rf0G TTiOPz5FdAXz/OGqAOCTUe9tshGtD5ER1opoGephthlIIpu54FYIJnP6RN6TImZJZ4Rn vqoSw1BPSJhaTQwaS46IDgngZ5uMYOkN41FgWgLvUytdHnR0idMxjkYPNcylNH7VaIzr lEksLK9aqnIMsdW531xNY3nX1X3cWE0+bzaqxuZGeqKMJKv0f6Oz9Aivtd2ioKjBCM3s Jc6w== X-Gm-Message-State: AOAM532AQyrhVxEQEUIUSDwgaLy8g6VUvxcZvRa7wsbHQmSks48VdNgm lVI2hnzAcZLP5jcxiC8Up2AQqCyPgi/uVVa1oEglxQ== X-Received: by 2002:a50:e00f:: with SMTP id e15mr125619edl.210.1607466110060; Tue, 08 Dec 2020 14:21:50 -0800 (PST) MIME-Version: 1.0 References: <20201207225703.2033611-1-ira.weiny@intel.com> <20201207225703.2033611-3-ira.weiny@intel.com> <20201207232649.GD7338@casper.infradead.org> <20201207234008.GE7338@casper.infradead.org> <20201208213255.GO1563847@iweiny-DESK2.sc.intel.com> In-Reply-To: <20201208213255.GO1563847@iweiny-DESK2.sc.intel.com> From: Dan Williams Date: Tue, 8 Dec 2020 14:21:48 -0800 Message-ID: Subject: Re: [PATCH V2 2/2] mm/highmem: Lift memcpy_[to|from]_page to core To: Ira Weiny Cc: Matthew Wilcox , Thomas Gleixner , Andrew Morton , Dave Hansen , Christoph Hellwig , Al Viro , Eric Biggers , Joonas Lahtinen , Linux Kernel Mailing List , linux-fsdevel Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 8, 2020 at 1:33 PM Ira Weiny wrote: > > On Mon, Dec 07, 2020 at 03:49:55PM -0800, Dan Williams wrote: > > On Mon, Dec 7, 2020 at 3:40 PM Matthew Wilcox wrote: > > > > > > On Mon, Dec 07, 2020 at 03:34:44PM -0800, Dan Williams wrote: > > > > On Mon, Dec 7, 2020 at 3:27 PM Matthew Wilcox wrote: > > > > > > > > > > On Mon, Dec 07, 2020 at 02:57:03PM -0800, ira.weiny@intel.com wrote: > > > > > > +static inline void memcpy_page(struct page *dst_page, size_t dst_off, > > > > > > + struct page *src_page, size_t src_off, > > > > > > + size_t len) > > > > > > +{ > > > > > > + char *dst = kmap_local_page(dst_page); > > > > > > + char *src = kmap_local_page(src_page); > > > > > > > > > > I appreciate you've only moved these, but please add: > > > > > > > > > > BUG_ON(dst_off + len > PAGE_SIZE || src_off + len > PAGE_SIZE); > > > > > > > > I imagine it's not outside the realm of possibility that some driver > > > > on CONFIG_HIGHMEM=n is violating this assumption and getting away with > > > > it because kmap_atomic() of contiguous pages "just works (TM)". > > > > Shouldn't this WARN rather than BUG so that the user can report the > > > > buggy driver and not have a dead system? > > > > > > As opposed to (on a HIGHMEM=y system) silently corrupting data that > > > is on the next page of memory? > > > > Wouldn't it fault in HIGHMEM=y case? I guess not necessarily... > > > > > I suppose ideally ... > > > > > > if (WARN_ON(dst_off + len > PAGE_SIZE)) > > > len = PAGE_SIZE - dst_off; > > > if (WARN_ON(src_off + len > PAGE_SIZE)) > > > len = PAGE_SIZE - src_off; > > > > > > and then we just truncate the data of the offending caller instead of > > > corrupting innocent data that happens to be adjacent. Although that's > > > not ideal either ... I dunno, what's the least bad poison to drink here? > > > > Right, if the driver was relying on "corruption" for correct operation. > > > > If corruption actual were happening in practice wouldn't there have > > been screams by now? Again, not necessarily... > > > > At least with just plain WARN the kernel will start screaming on the > > user's behalf, and if it worked before it will keep working. > > So I decided to just sleep on this because I was recently told to not introduce > new WARN_ON's[1] > > I don't think that truncating len is worth the effort. The conversions being > done should all 'work' At least corrupting users data in the same way as it > used to... ;-) I'm ok with adding the WARN_ON's and I have modified the patch > to do so while I work through the 0-day issues. (not sure what is going on > there.) > > However, are we ok with adding the WARN_ON's given what Greg KH told me? This > is a bit more critical than the PKS API in that it could result in corrupt > data. That situation was a bit different in my mind because the default fallback stub path has typically never had WARN_ON even if it's never supposed to be called.